cancel
Showing results for 
Search instead for 
Did you mean: 
ash422
Level 9
Report Inappropriate Content
Message 1 of 4

Prevent hijacking of exe

Jump to solution

Hi All,

We want to verify that the following Access Protection policy is taking effect: Prevent hijacking of exe and other executable extensions.

How can we verify this? How does the policy take effect?

Does it stop you creating debugger keys under Image File Execution Options in Registry?

Thanks,

Ash

1 Solution

Accepted Solutions
wwarren
Level 15
Report Inappropriate Content
Message 4 of 4

Re: Prevent hijacking of exe

Jump to solution

I am not permitted to post specifics for you (requires an NDA).

I can describe for you that it protects hijacking the execution of .EXE files, .BAT, and .COM files.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
3 Replies
wwarren
Level 15
Report Inappropriate Content
Message 2 of 4

Re: Prevent hijacking of exe

Jump to solution

This article gives a better 'friendly' description of what the rules do:

https://kc.mcafee.com/resources/sites/MCAFEE/content/live/PRODUCT_DOCUMENTATION/20000/PD20870/en_US/...

Prevent hijacking of .EXE and other executable extensions

Intention:

This rule protects the .EXE and other keys under HKEY_CLASSES_ROOT. Some viruses alter

these keys to ensure that the virus is run when any other executable runs. Enabling this rule will prevent

spyware and malware from modifying important operating system and executable files.

Included processes: all

Excluded processes: installers

You can deduce from the explanation it does not cover the IFEO keys.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee
ash422
Level 9
Report Inappropriate Content
Message 3 of 4

Re: Prevent hijacking of exe

Jump to solution

Which exes and areas of registry are protected?

How does it stop viruses to alter files?

I guess I just want to verify that some changes are taking place on the system.

wwarren
Level 15
Report Inappropriate Content
Message 4 of 4

Re: Prevent hijacking of exe

Jump to solution

I am not permitted to post specifics for you (requires an NDA).

I can describe for you that it protects hijacking the execution of .EXE files, .BAT, and .COM files.

William W. Warren | S.I.R.R. | Customer Success Group | McAfee